OpenID creator David Recordon

Six Apart’s David Recordon co-invented OpenID, which enables you to sign in to thousands of online services with the same digital identity. He talks to Oliver Lindberg about its latest developments

Shares

.net: What’s your vision of the open web?DR: The web is evolving. It’s becoming more social. So the things that you really need to build at this point are pieces that allow people to interact between different services, that allow people to share things with people that they know, no matter whether they upload photos on Flickr or Picasa, without having to recreate accounts and re-enter the same data and do all those repetitive tasks. I look at these pieces – technologies or best practices – that need to exist to really make that happen.

.net: Which of the developments are you most excited about?DR: It’s hard for me not to say OpenID: I’ve spent a few years working on it. But I’m also excited about the work that’s underway to create a hybrid of OpenID and OAuth [an open protocol to allow secure API authorisation in a simple and standard method from desktop and web applications]. It’s looking at how OpenID and OAuth can be used together to allow users to log in to a website and at the same time grant that website access to some data from their OpenID provider. Google, for example, is using OAuth through their APIs and they have an OpenID provider. So if I wanted to prove that this was my Google account and also give that website access to my calendar, I’d first go to the OpenID flow and then to the OAuth flow. The hybrid would cut that down into one.

.net: There are quite a few different open standards out there. Isn’t that too confusing?DR: I think it’s probably pretty natural for the state we’re at. OpenID has been around for three years, OAuth is a little over a year old and microformats are somewhere in the middle. Now it has to be worked out how they can work together and how they complement each other. This process will happen over the next year as the technologies mature. At one point people were saying that OpenID and OAuth were competing with each other but the hybrid very clearly shows they actually do slightly different things and can create more value if you use them together.

.net: OpenID has certainly gathered momentum over recent months, with big players such as Microsoft and Google joining the party. But how do you push OpenID forward even more?DR: OpenID is now starting to get in front of more mainstream consumers. So the OpenID Foundation and the community really need to focus on allowing OpenID to become a mainstream technology. We’re focusing on the user experience and usability and how we learn from other efforts such as Facebook Connect, where the user experience is very different.

.net: What do you think of Facebook Connect, which enables users to port their profile data to third-party websites?DR: It’s definitely making it easier for people to interact with others they know across sites, share things with people they know and find people they know. But I think the challenge that Facebook is going to run into is that it’s not built on top of open technologies. It’s built on top of technologies that are largely developed by Facebook. Even though what it’s offering is very valuable, I think other social networks will try to implement the same thing. MySpace has already done it with its Data Availability initiative [now renamed MySpaceID], built on top of OpenID, OAuth, microformats and OpenSocial.

.net: What are the goals of the Open Web Foundation you announced a few months ago?DR: At least initially it’s to create a place where communities can come together and create open specifications for the web. It’s also aiming to help those communities steer away from intellectual property encumbrances, so that the specs they create don’t require pattern licensing and are free to implement to anyone. But OpenID, OAuth, OpenSocial and microformats all created their own non-profit foundation, so we said that either we could create a few more foundations over the next year or we could try to create one more. We’re very much taking the open source mentality – we’re probably in the state of open source a decade ago. We don’t have a common licensee for specifications yet but the Open Web Foundation has created a legal committee, which is working on creating a licence that can be used by communities developing these specs.